Hi,

Maybe clamav-rules are out-of-date; the last update was 4 years ago, but Jesus Linares wrote a few improvements a few months ago (ClamAV rules <https://github.com/wazuh/ossec-wazuh/blob/master/etc/rules/clam_av_rules.xml>).
If clamscan has a different format, the decoders won't work properly. You can test the current decoders and rules using logtest:

    /var/ossec/bin/ossec-logtest

Feel free to improve them or paste some log examples here so we can figure out how to improve them.

Regards,
Pedro S.

On Monday, February 22, 2016 at 5:07:48 PM UTC+1, Barry Kaplan wrote:
> Anybody here using clamav? It seems the ossec rules for clamav depend on
> the syslog format. But clamav-daemon does not run as root, so really it
> can't scan much of anything. And the clamscan never writes to syslog and
> its output is in a different format than clamav-daemon.
>
> Not really an ossec question, but how is clamav useful if it cannot see most
> files?
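
An added example, not part of the thread or of the OSSEC project: one way to bridge the format gap discussed above is to reduce clamscan output to its detection lines and give them a clamd-style syslog header, so they can be tried in ossec-logtest. The function names, the sample scan output, and the assumption that the stock decoder keys on a syslog program name of "clamd" are all hypothetical here.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the stock ClamAV decoder
# matches syslog lines whose program name is "clamd", and the rules match on
# the trailing "FOUND". Check the result with /var/ossec/bin/ossec-logtest.

# Constructed clamscan output (no real scan): an OK line, two detections
# (one path containing ": "), an unreadable file, and the summary block.
sample_clamscan_output() {
    cat <<'EOF'
/home/bob/notes.txt: OK
/home/bob/eicar.com: Eicar-Test-Signature FOUND
/home/bob/mail: archive/att.zip: Eicar-Test-Signature FOUND
/root/secret.key: Access denied

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# Keep only "PATH: SIGNATURE FOUND" lines from clamscan output on stdin;
# OK lines, access errors and the summary are dropped.
clamscan_detections() {
    while IFS= read -r line; do
        case "$line" in
            *": "*" FOUND") printf '%s\n' "$line" ;;
        esac
    done
}

# Prefix each detection with a syslog header so it resembles clamd output.
# $1 = timestamp, $2 = hostname, $3 = pid (defaults to this shell's pid).
as_clamd_syslog() {
    clamscan_detections | while IFS= read -r line; do
        printf '%s %s clamd[%s]: %s\n' "$1" "$2" "${3:-$$}" "$line"
    done
}

# Live use (assumption, e.g. from root's cron so the scan can read files):
#   clamscan -ri /home | clamscan_detections | logger -t clamd

# Demo on the constructed sample; paste the two output lines into logtest.
sample_clamscan_output | as_clamd_syslog "Feb 22 17:07:48" scanhost 4242
```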
